Gravithon 2021- Capture the flag

Balalikhith
5 min readAug 30, 2021

--

Photo by Nico Smit on Unsplash

In August 2021, Team Gravity came up with a Mega Tech Fest of 1 Month Duration which includes various tech events, Conferences, Workshops from global Speakers. Along with this Gravity came up with the Capture the Flag which is also well known as CTF. The CTF mainly Concentrated on Cryptography and Forensics.

The Challenges are Divided by Welcome, Easy, Medium, Hard, and Forensics. So let’s see what are they.

Let me start with the Welcome Challenges. You can Access the challenges from here Gravithon2021-CTF

It was a warm welcome. The challenges are designed in the way everyone would be able to score some minimum score and flag format is gravithon{}

1. Warm Welcome(50 pts)

In these welcome challenges, we are not required to strain. We have given the flag already gravithon{W3lc0me&Welcome_t0_Gr4v1th0n_2021} By Submitting this it is done.

2. You Got it(50 pts)

In this case, they asked a simple one what is the hashtag of gravity. By just scrolling through some Instagram or LinkedIn posts we will get to know that it’s #feelthegravity adding that to the flag format we will get the Flag which is gravithon{}

3. How About Some Exploring the Things( 50 pts)

In this case, we are given a message. You can check it in the below image. By just visiting the Discord Server we will get the flag in the general section. which is gravithon{Xpl0re_Th3Uns33n@_Cyb3rXpl0re}

4. Readme.md

Here we have given some information. which explains the flag format and mail-id of the team for technical support. And there is a line stating that

Belive Me It's a Life Saver

Later you will get to know about this So just submitting this flag we got the things and we can secure 200pts without any hard work. And done with the Welcome Challenges. Now let’s dive into Easy One’s

Photo by Pablo Arroyo on Unsplash

Letters(50 pts)

When we look into it and the name suggests it is some type of shift cipher and it can be easily identified through this cipher analyzer tool. By pasting the given cipher we will get the flag. So converting to lower case and keeping in format gives the flag gravithon{shift_is_ofcource_easy}

Robbery(50pts)

Here in the description of the challenge, it was stated that some key is missing so by brute-forcing we are going to get the flag which is gravithon{H4v3_y0U_us3d_Brut3F0rc3??}

TIK TOK(50 pts)

Here we got a textfile when I just opened it we can see some kind of dots and dashes which is a Morse code by decoding using an online tool we get gravithon{M0RS3IS4LWAYSB3EST}

Binary Always Awsome(50pts)

Here we got some other textfile which is having these types of numbers

0000000000000000000000000000001100100000100000000000100…..

After solving and different loops we will get gravithon{Th3s3_Pr0gr4mm1ng_Sucks}

SO LOUDD(50pts)

Here we got an audiofile and the name itself says morse so decoding via some online tool we get gravithon{1STH1SAM0RS3C0D3?} but submitting the thing won't work so when we check hint Just Separate the things not more than that so giving out the spaces for each word gravithon{1S TH1S A M0RS3 C0D3?} and this works

Fly High to Tianjin

By seeing that it doesn’t look like a cipher so used some hash finder then we got to know it’s SHA 1 and using some online tools like crack station or Dcodefr we can get the hash as Unimaginatively keeping it in the format will get gravithon{Unimaginatively}

Everything is not Visible(50pts)

Here in this we are given with the thing explore our website by clicking on it it's just redirecting to the official website nothing present there and the hint given over there is How to check wherelinkgoes without clicking it so wheregoes is a website to check the redirect URLs

Checking over here the flag is hidden in the redirect link. The flag is gravithon{Y0u4r3S4f3} and now we are done with the easy challenges and I am bored with these crypto challenges how about looking into some FORENSICS?

LOOK INTO IT(150 pts)

Checking the image in aperi got some data which is

In Comment we can see that keeping that in flag we will get the flag

--

--